Data Center Certifications and Compliances strengthen quality of service and contribute to market competitiveness

 

With 18 Data Centers in Latin America, Cirion’s services are certified by ISO, by the Uptime Institute’s Tier III, comply with PCI-DDS and AICPA’s SOC 1, SOC 2, and SOC 3.

 

Just think about all the activities you do online daily. Now, imagine 4.66 billion people doing the same[1]. These are millions of terabytes generated every day. And, for all this information to be quickly and securely processed and circulated around the world, data centers are needed.

A good data center infrastructure has been an imperative for organizations to escalate their operation – providing, of course, data security, capacity, and efficiency. But how can we know if these attributes will be delivered?

In the same way that diplomas endorse an individual’s aptitude for a given profession, companies also receive certifications for their performance, products, or services, attesting to their quality and security. Therefore, when viewing a data center, you can search for the certifications obtained and evaluate its capacity to provide services that will meet your business needs.

 

Why are certifications so important?

Data center certifications ensure the efficiency of processes and attest that the service meets international rules and standards for Quality, IT Services Management, and Information and Infrastructure Security, Business Continuity, Information Privacy Management, among others. As an example, we can name certifications ISO 9001, ISO 20000-1, ISO 27001, ISO 22301, ISO 27701 and Uptime Institute’s Tier.

Compliances also play a significant role. Although they are similar to certifications, they are issued as compliance reports rather than certificates. Thus, they should be called compliances instead of certifications. Included here are PCI-DSS e AICPA’s SOC1, SOC2, and SOC3.

The data center market is in increasing demand. GlobalData predicts that the sector’s revenue will go from US$ 466 billion (2020) to US$ 949 billion by 2030[2]. Amidst this whirlwind of data processing, the certifications benefit all parties: they are a differential for companies, contribute to market competitiveness, and help customers select a qualified provider.

 

Proven quality

Cirion offers one of the most interconnected Data Center platforms in Latin America, with 18 proprietary data centers. Our services portfolio offers an IT platform to support business applications through Cloud and Security solutions, in addition to infrastructure such as Hosting and Colocation, developed with architecture based on strict security standards (physical and logical) to provide reliable services.

To verify and maintain quality levels, our services count on several certifications and compliances:

 

ISO Certifications

Created in 1947, the International Organization for Standardization (ISO) is an international non-governmental organization which aims to facilitate globally the coordination and unification of industrial standards. You have probably heard about it, since it is applied in several sectors, including data centers.

The entire certification process occurs in three stages. First, there is an internal auditing, carried out by auditors who are certified in the respective rules and generate a report with recommendations and non-compliances, in addition to informing the strengths of the Management System audited. Then, there is an external auditing, endorsing the company if it meets all norm requirements and recommending it as fit to receive the certification, with the final approval occurring in Germany. ISO certifications are valid for three years and annual auditing is necessary to ensure that they are maintained. When expired, there must be a recertification process, which will ensure validity for 3 more years.

Cirion’s data centers in Latin America possess the following certifications:

• ISO 9001 – centered on Quality System.
  • Argentina: Buenos Aires certified since 2007;
  • Brazil: Cotia (SP), Rio de Janeiro (RJ) and Curitiba (PR) certified since 2014;
  • Chile: Santiago certified since 2019;
  • Colombia: Bogotá 1 SUBA and Bogotá 2 COLXV certified since 2017 and Cali certified since 2019;
  • Ecuador: Quito certified since 2020;
  • Peru: Lima certified since 2019;
• ISO 20000-1 – centered on Service Management System.
  • Brazil: Cotia (SP), certified since 2018; Rio de Janeiro (RJ) and Curitiba (PR) certified since 2019;
• ISO 22301 – centered on Business Continuity Management System.
  • Brazil: Cotia (SP), Rio de Janeiro (RJ) and Curitiba (PR) certified since 2021;
  • Colombia: Bogotá 1 SUBA , Bogotá 2 COLXV and Cali certified since 2023;
  • Peru: Lima certified since 2024;
• ISO 27001 – centered on Information Security Management.
  • Argentina: Buenos Aires certified since 2013;
  • Brazil: Cotia (SP), Rio de Janeiro (RJ) and Curitiba (PR) certified since 2016;
  • Chile: Santiago certified since 2018;
  • Colombia: Bogotá 1 SUBA and Bogotá 2 COLXV certified since 2016 and Cali certified since 2019;
  • Ecuador: Quito certified since 2018;
  • Peru: Lima certified since 2018;
• ISO 27017 – centered on Information Security Management System – Practice code for Information Security Controls for cloud services.
  • Argentina: Buenos Aires certified since 2019;
  • Brazil: Cotia (SP) and Rio de Janeiro (RJ) certified since 2017;
  • Chile: Santiago certified since 2019;
  • Colombia: Bogotá 2 COLXV certified since 2018;
  • Peru: Lima certified since 2019;
• ISO 27018 – focused on Information Security Management System – Practice code for the protection of Personal Identification Information for cloud services.
  • Argentina: Buenos Aires certified since 2020;
  • Brazil: Cotia (SP) and Rio de Janeiro (RJ) certified since 2020;
  • Chile: Santiago certified since 2022;
  • Colombia: Bogotá 2 COLXV certified since 2020;
  • Peru: Lima certified since 2020;

• ISO 27701 – focused on Information Privacy Management System.
  • Brazil: Cotia(SP), Rio de Janeiro (RJ) and Curitiba (PR) certified since 2023;
  • Colombia: Bogotá 1 SUBA, Bogotá 2 COLXV and Cali certified since 2024;
  • Peru: Lima certified since 2024;

 

Tier – Uptime Institute

Founded in 1993 in the United States, the Uptime Institute is a globally recognized entity which created the Tier certifications, aiming to measure and qualify the availability of a data center’s infrastructure. It currently counts on 3,400 certifications, in 114 countries.

The certification is based on the Tier Standard, which encompasses criteria related to power supply, engine generators, cooling equipment, security (such as fire detection and control), and automation.  It is divided into four levels:

• Tier I – basic infrastructure, non-redundant, single distribution path;
• Tier II – have redundant capacity;
• Tier III – have multiple independent distribution paths and are characterized by their double power source, which means that in case of unavailability due to electrical or climate issues, another system is ready to keep up these functions. Therefore, maintenances can be carried out without the need to shut down the data center;
• Tier IV – independent, fault-tolerant, double-feeding equipment. They demand a high level of automation to execute corrections without manual needs.

Furthermore, it is categorized into:

• Design Documents: evaluates infrastructure, performance, and capacity
• Constructed Facility: endorses construction according to the project
• Operational Sustainability: observes the process and its maturity to ensure availability.

Cirion’s Data Center in Latin America possesses the following certifications:

• Brazil: Cotia (SP) and Rio de Janeiro (RJ) certified Tier III Certification of Design Documents; and Cotia (SP) certified Tier III Certification of Constructed Facility
• Chile: Santiago certified Tier III Certification of Design Documents;
• Colombia: Bogotá 2 COLXV certified Tier III Certification of Design Documents and Tier III Certification of Constructed Facility;
• Ecuador: Quito certified Tier III Certification of Design Documents and Tier III Certification of Constructed Facility;
• Peru: Lima certified Tier III Certification of Design Documents;

 

Compliance with PCI-DSS

Created in 2006 by the Payment Card Industry Security Standards Council (PCI SSC), it is formed by MasterCard, American Express, Visa, JCB International, and Discover Financial Services, which aligned their individual policies to create PCI-DSS. This is an international security pattern which strives for creating an additional layer of protection for card issuers, ensuring that merchants meet the minimum levels of security when storing, processing, and transmitting the card holder’s information.

The evaluation process is annual and like an auditioning process, conducted through a QSA (Qualified Security Assessor); if compliant with all 12 requisites, a compliance certificate called AoC (Attestation of Compliance) is issued.

Cirion’s data centers in América Latina have the following certifications:

• Argentina: Buenos Aires 1 in compliance since 2017 and Buenos Aires 2 Teleport in compliance since 2019;
• Brazil: Cotia (SP), Rio de Janeiro (RJ) and Curitiba (PR) in compliance since 2016;
• Chile: Santiago in compliance since 2017;
• Colombia: Bogotá 1 SUBA, Bogotá 2 COLXV and Cali in compliance since 2017;
• Ecuador: Quito in compliance since 2018 and Guayaquil since 2024;
• Peru: Lima 1 in compliance since 2017 and Lima 2 Lurín in compliance since 2019;

 

SOC Compliance

Created in 2009 by the Association of International Certified Professional Accountants (AICPA), it replaces the SAS 70 report. It is an international standard which intends to provide our customers’ auditors sufficient evidence on Cirion’s internal controls, information security and IT controls.

The process for obtaining the report is annual and like an auditing process, conducted by a specialized consultant; if compliant with all objectives, a report certifying the evaluated period is issued.

• SOC 1 – SOC report centered on providing reasonable assurance that Cirion’s financial statements are reliable and put together according to the IFRS’ Internal Control over Financial Reporting (ICFR).
  • Argentina: Buenos Aires in compliance since 2008;
  • Brazil: Cotia (SP) in compliance since 2007, Rio de Janeiro (RJ) in compliance since 2012 and Curitiba (PR) since 2020;
  • Chile: Santiago in compliance since 2007;
  • Colombia: Bogotá 2 COLXV in compliance since 2013 and Cali in compliance since 2019;
  • Ecuador: Quito in compliance since 2019;
  • Peru: Lima in compliance since 2018.
• SOC 2 – SOC report centered on Information Security based on Trust Services Criteria.
  • Brazil: Cotia (SP) in compliance since 2019;
  • Chile: Santiago in compliance since 2023;
  • Colombia: Bogotá 2 COLXV in compliance since 2020 and Cali since 2021;
  • Perú: Lima in compliance since 2019;
• SOC 3 – SOC report focused on Information Security based on the Trust Services Criteria for General Use Report.
  • Brazil: Cotia (SP) in compliance since 2020;
  • Chile: Santiago in compliance since 2023;
  • Colombia: Bogotá 2 COLXV in compliance since 2020 and Cali since 2021;
  • Perú: Lima in compliance since 2020;

 

The 4^th Industrial Revolution is already part of our reality, and it increasingly demands more agility and capacity for managing data. Therefore, Data Centers offer high-level security, advanced network, clean and continuous energy, specialized support, and a global ecosystem. All this with a high-availability, low-latency network – endorsed by certificates and compliances – to maintain your business connected.

 

[1] Report We Are Social and Hootsuite – 2021

[2] Data Centers – Thematic Research – 2021

 

Author:
Nelma Santos
Data Center, Cloud & Security Processes Manager
Cirion, Brasil

Nelma coordinates certifications and compliances for Cirion’s 18 Data Centers in Latin America.  She is responsible for Cirion’s Integrated Management System, centered on customer experience through an efficient practice of continuous improvement.